Privacy Policy

Last updated: February 2026

Our Philosophy

We believe privacy is a fundamental right, not a marketing checkbox. This policy explains exactly what data we collect, why we collect it, and what happens to it. No legal jargon, no hiding things in walls of text.

What We Collect

Account Information (from Google Sign-In)

When you sign in with Google, we receive and store:

• Email address - to identify your account
• Name - to personalize your experience
• Profile photo URL - to display your avatar
• Google ID - a unique identifier for your Google account

That's it. We don't request access to your contacts, calendar, or any other Google services.

Data You Create

Everything you create in MenuPlan.pro is yours:

• Events (names, dates, venues, budgets)
• Participants (names, emails)
• Dietary profiles (allergies, restrictions, preferences)
• Menus and ingredients
• Organization and team settings

Survey Responses

When guests fill out dietary surveys, we collect:

• Name and email (to match responses to participants)
• Dietary information (allergies, restrictions, preferences)

This data is only accessible to the event organizer. Guests are not required to create accounts.

Technical Information

We collect minimal technical data to keep the service running:

• Server logs (IP addresses, request timestamps) - retained for 30 days for security
• Error reports - to fix bugs and improve reliability

What We DON'T Collect

• Credit card numbers (handled entirely by Stripe)
• Browsing history outside our site
• Location data
• Device fingerprints
• Data for advertising or profiling

How We Store Your Data

Database Architecture

Your data is stored in Turso (built on libSQL/SQLite) with per-organization isolation. This means:

• Your organization's data is physically separated from other users
• We can export your entire database as a standard SQLite file
• No mingling of data between accounts

Encryption

• All connections use TLS (HTTPS)
• Data at rest is encrypted
• Authentication tokens are hashed (SHA-256)

Payment Processing

We use Stripe to handle all payments. When you subscribe:

• Your payment information goes directly to Stripe
• We never see, store, or have access to your credit card numbers
• We only receive confirmation of successful/failed payments

Stripe has their own privacy policy: stripe.com/privacy

AI Features

When you use AI menu suggestions:

• We send event context (budget, dietary constraints) to Google's Gemini API
• We don't send personal information (names, emails) to AI services
• Google's Gemini API has its own privacy terms

Third-Party Services

We use a minimal set of trusted services:

• Google OAuth - for authentication
• Turso - for database hosting
• Stripe - for payment processing
• Google Gemini - for AI menu suggestions

We don't use analytics trackers, advertising networks, or data brokers.

Your Rights

Access Your Data

You can export your entire database at any time from your account settings. It's a standard SQLite file you can open with any SQLite tool.

Delete Your Data

One button in your profile settings deletes your account and all associated data. No waiting periods, no hoops, no guilt trips. When you delete, we delete.

Data Portability

Your data belongs to you. Export it, use it elsewhere, host it yourself. We're not interested in lock-in.

Data Retention

• Active accounts: Data retained while your account exists
• Deleted accounts: Data deleted within 24 hours of account deletion
• Server logs: Retained for 30 days, then automatically purged
• Backups: Rolling 7-day backups; deleted data removed from backups within 7 days

Children's Privacy

MenuPlan.pro is not intended for users under 16 years of age. We do not knowingly collect data from children.

Changes to This Policy

If we make significant changes, we'll notify you via email and post a notice in the app. Minor clarifications may be made without notice.

Contact Us

Questions about this policy or your data? Email us at privacy@menuplan.pro. We read and respond to every message.